Posted by timothy on Wednesday February 20, 2002 @09:53AM
from the one-of-the-trends-in-my-filter-list dept.

SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"

As the Ex-AbuseDesk admin at a local ISP, I must say that I wanted to do that VERY badly, but wasn't allowed to. There's simply no way to get a response from them. I have absolutely no qualms about cutting communication off from them. It's just so frustrating for EVERYONE.

On the other end, if many of those domains are in the Orbz [orbz.org] or other blacklists, maybe just using those would be better.

On the other end, if many of those domains are in the Orbz [orbz.org] or other blacklists, maybe just using those would be better

Do the reading. Despite the shrieking tone of the article, what we are talking about here is Spamhaus [spamhaus.org] blacklisting China Telecom, not "all Asian ISPs". That's the entire story. And Spamhaus themselves suggest that their list should be used in conjunction with an open relay list.

I feel bad for the legitimate Asian users of e-mail trying to communicate with their comrades in the West, but it has been proven that this is the only way that ISPs will finally own up to the task of stopping spammers abusing the networks. Look what just the mere threat of the Usenet Death Penalty did to @Home--they have cleaned up their act significantly.

Strange as it is to say, this 'denial of service' is one that I think may actually have some future positive effect. The way the world seems to work is that no one will bother to do anything unless you threaten them with the loss of their service, and then they take action. Sad, but true.

The sort of denial of service that you suggest is unlikely to motivate reform unless each ISP is banned on an individual basis, and can be reformed on an individual basis. The carrot of being reinstated must exist. If the whole region is banned regardless of that particular ISP's behavior, then that ISP will have no incentive to correct its ways.

It may be necessary to eventually threaten those ISPs with being blocked, but still there are a lot of *constructive* steps that could be used to help the situation.

Like actually bothering to translate your contact messages into various non-English languages. After all, when was the last time you, as a sysadmin, responded to an informative message to postmaster@your.org that was written in an Asian language? I didn't think so...

A good example of when warning or trying to educate an ISP doesn't work is Broadwing.net. Alan Ralsky, one of the fathers of spam, uses them all the damned time. They provide connectivity for spamming operations that abuse open relays, host spamvertised sites, and much more. They have been warned by everyone and their dogs. I used to LART them all the time before I finally gave up. I just blacklist their network. At last count that was 3 /14s, a /24, and a /28. They can rot in my blacklist of hell for all I care.

While translation is a nice idea, I don't think it's worth my time to learn 20 different Asian languages just so I can complain about spam. I'm sure not going to pay someone to translate for me to complain about spam. So what OTHER constructive steps can you come up with that are REALISTIC?

The bottom line is that if Asia doesn't want to get firewalled, they need to get aggressive about closing open relays. Note that I don't discriminate against Asia, I discriminate against EVERYONE that sends me spam. This includes many European and South American netblocks / TLDs too.

Basically I don't get ANY legit email from these countries. Not blocking them would be silly.

Maybe someone with some spare time could start gathering standard spam complaints in different languages from all around the world. Sort of like: choose the language and spam type, click 'OK', and copy/paste the resulting text into an e-mail. I'm sure lots of people all around the world have complained about spam once in a while; they'd be willing to forward their e-mails to such an anti-spam message repository.

Like actually bothering to translate your contact messages into various non-English languages. After all, when was the last time you, as a sysadmin, responded to an informative message to postmaster@your.org that was written in an Asian language?

The international language of snail mail is French. That's why air mail is par avion. It's like that all around the world and no one really complains. If the admin knows enough to mail postmaster@, he knows it should be in English. English is *the* official language of email. Just look at the headers: I don't see an 'Od:' instead of 'From:' or 'Temat:' instead of 'Subject:'.

Admins speak English. You can't really be a good admin if you can't communicate with your computer, and 90% of software - even software created in non-English-speaking nations - is in English.

If you are a (non-military) pilot, you are *required* to have a minimal working knowledge of English. All radio communications are required to use English, by international treaty. In many other fields, English is used by convention, not explicit treaty. But it's still the most common shared language.

This isn't cultural imperialism, it's a recognition of the fact that we need a shared language - *any* shared language - and English is a good choice for it. It uses a simple alphabet, has simple conjugation rules, and a well-known "international English" subset that's sufficient for most routine interactions.

It's also important to remember the flip side of this - native English speakers need to be able to understand the heavily accented and mangled English of non-native speakers. In some ways this is harder than learning Int'l English - the non-native speakers only need to learn one language, we have to learn dozens of variants.

Bottom line: any ISP larger than a 2-person shop should have employees able to understand the gist of these complaints and to respond. Their English may be broken, but that's sufficient for communications to occur.

However, I expect that the former British Empire has a lot to do with the widespread familiarity with English. In this case, imperialism has a lot to do with it. For instance, the country of India uses English to overcome the many, many Hindi (and other?) dialects. This is clearly because of British Imperialism.

Working knowledge of English, both reading and writing, should be mandatory for anybody administering an internet-connected system. The key word is communication - people have to understand each other. There is no "equal right for every fucking language" in such a setting. Our only chance at universal mutual understanding (which is required here) is a universal mutually understood language.

BTW - have you noted that the RFCs are written in English ? Are you aware that all major programming languages are modeled after English ? Did it occur to you that up-to-date security information is dealt in English only ?

FWIW, I'm not a native English speaker (as you should know by now:-), don't live in an anglophone country, and didn't even learn it as first foreign language in school. Go figure.

is one thing. Not getting any cooperation when your own e-mail address is used as a false sender in the header of "enlarge your {certain male body parts}" spam mails is another thing. Ask me, it happened to me two weeks ago. I didn't even get a mail back from the provider.

Usually, when that happens, it's not only one mail, but hundreds or thousands. And in that case, you can rig your sendmail to mass-forward them back to the source (i.e. assorted addresses at the originating ISP), and preferably via the same open relays that the spammer used himself. Start with abuse@, then also add support@, sales@, etc. If that doesn't help, add the CEO and other employees, if you can find their e-mail addies. Then, finally, customers.

This technique worked wonders last time I had that problem at Bellsouth. N.B. When you do this, it is important that you don't forward the mail directly, or else they'll just firewall you off. If you use the spammer's own open relays, either:

The spammer only used one relay, and the fact that the ISP firewalls it off works both ways: spam problem solved!

Or he hops relays, so you relay-hop too. The ISP will need to add more and more addresses to their firewall, and eventually they'll figure that it is easier to just boot the joe-jobbing spammer off.

Simply report them to the police - identity theft and fraud are considered real crimes even by clueless law enforcement offices that usually don't do anything about spammers. (Yes, I've done it before).

...you basically are letting the spammers win when you close off one of the biggest open communications medium known to human kind. Perhaps I'm overly sentimental about it and goodness knows I'd love to prevent about 80% of the spam I see (that seems to be about the ratio in terms of TLDs involving Asian netblocks) - still, I cannot really bring myself to doing it yet.

Well, blocking whole areas is a start, but not an ideal solution.
I'm going to start filtering my email so that unless it meets one of the following conditions it gets rejected and sent back to the sender:
1. The mail claims to be From: someone I have pre-approved.
2. It's from a mailing list I've registered with.
3. It's sent To: a special-purpose address within a couple of days of creating that address. (So I can post to newsgroups with addresses like jb10202 which will be valid for a couple of days for replies only.)
4. The email contains a special approval code to bypass the checking.
The purpose of 4) is that when I get an email that is rejected it will send it back to the sender with an apology and a 4-digit random code which is valid only for a single mail from that address and only for 48 hours. They can simply forward the mail back to me and it will contain the code and get through.
I get *so* much spam, and 99% of my real email is from the same few addresses, that I need to block the junk, and I think this scheme will annoy relatively few people, and not too much, but should cut ALL the spam.
I've not implemented this yet, but it shouldn't be too hard to write.

I've been doing something like that for a while (periodically changing addresses for news posts). The trouble is that every address you use gets on spam lists and gets spammed forever. By having 100's of addresses, you get 100's of times more spam than you otherwise would. Even if you can filter it on arrival so you don't have to see it, it's still clogging your bandwidth and you can always filter a legitimate email.

I don't generate unique reply addresses per news post, but change addresses a few times a year. I have a bunch of old addresses that mostly get spam, so my filters dump incoming mail to them into a mailbox file that I look in every now and then. That's much less annoying than seeing the spam as it arrives, but still, it's better to keep the volume down.

I think I'll completely stop putting replyable email addresses on news posts. I'll just have a URL for my web site where people can leave me messages through a CGI. That lets me make another political statement too, since my web site runs SSL so any incoming messages I get from the CGI will be encrypted while in transit. We tell people to use ssh instead of telnet--we should also try to avoid sending email in the clear without a reason.

That's why you should get your own domain and host a website with a business that offers you unlimited email aliases.

Then all you do is create email aliases to your hearts content. I create a unique email address for any mailing list/website I sign up for so I instantly know when a mailing list/website has sold my email addy to someone else and I can shut it down straight away.

I think you might be interested in using self destructing email addresses. I've just started using TMDA [sourceforge.net]. You can set it up so that all outgoing email to someone that you don't know will generate a "dated" address. This address will be valid (by default) for 5 days. After 5 days, TMDA will automatically reject any email directed to it.

Other things you can do with TMDA include:

Requiring anyone unknown to you to send a confirmation

Automatically adding all valid confirmations to your "known" list

Generating sender email addresses that will allow a specific sender (such as a mailing list) to send you email. No one other than that specific sender will be able to use a sender address

Generating keyword email addresses. This is similar to what you're talking about already, where you generate unique addresses, each of which will be allowed to get to your mailbox, but which will also allow you to track who is giving out your email address.

TMDA takes a little bit of work to be able to understand what's going on, but once you get it set up, it's pretty effective.
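The whitelist-plus-code scheme sketched a few posts up (pre-approved senders, short-lived special-purpose addresses, a single-use code sent back with the bounce) and TMDA's dated, sender and keyword addresses rest on the same mechanism: the tag inside the address is a keyed MAC that the receiving side can verify without storing a list of every address it ever handed out. The block below is an added example written for this page, not TMDA's own code and not the earlier poster's implementation. The address layout (user-kind-payload.tag@domain), the HMAC key, the domain example.org and all sample senders are assumptions.

```python
import hashlib
import hmac
import re
import secrets

# Assumptions for this example: a per-user HMAC key, the receiving domain, and
# the "user-kind-payload.tag@domain" address layout. TMDA's real formats differ.
SECRET = b"replace-me-with-32-random-bytes"
DOMAIN = "example.org"
DAY = 86400


def _tag(*parts):
    """Short keyed MAC over the address parts; forging one needs SECRET."""
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()[:12]


def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())


def dated_address(user, now, days=5):
    """Address that stops working `days` after it was generated (TMDA default: 5)."""
    expiry = str(int(now) + days * DAY)
    return f"{user}-dated-{expiry}.{_tag('dated', user, expiry)}@{DOMAIN}"


def sender_address(user, sender):
    """Address that only `sender` (e.g. a mailing list) can deliver to."""
    return f"{user}-sender-{_tag('sender', user, sender.lower())}@{DOMAIN}"


def keyword_address(user, keyword):
    """Per-site address; the keyword tells you who leaked it. No dots in keyword."""
    keyword = keyword.lower()
    return f"{user}-keyword-{keyword}.{_tag('keyword', user, keyword)}@{DOMAIN}"


class Policy:
    def __init__(self, user, known):
        self.user = user
        self.known = {s.lower() for s in known}   # pre-approved senders and lists
        self.pending = {}                         # code -> (sender, expiry)

    def issue_code(self, sender, now, ttl=2 * DAY):
        """Code to put in the bounce: bound to one sender, single use, 48 hours."""
        code = f"{secrets.randbelow(10000):04d}"
        self.pending[code] = (sender.lower(), int(now) + ttl)
        return code

    def decide(self, rcpt, sender, now, body=""):
        """Return 'accept', 'confirm' (bounce with a code) or 'reject: <why>'."""
        sender = sender.lower()
        local, _, domain = rcpt.lower().rpartition("@")
        if domain != DOMAIN:
            return "reject: not our domain"
        if local == self.user:                    # the plain, public address
            if sender in self.known:
                return "accept"
            for code in re.findall(r"\b\d{4}\b", body):
                entry = self.pending.get(code)
                if entry and entry[0] == sender and now <= entry[1]:
                    del self.pending[code]        # single use
                    self.known.add(sender)        # confirmed senders become known
                    return "accept"
            return "confirm"
        prefix = self.user + "-"
        if not local.startswith(prefix):
            return "reject: unknown user"
        kind, _, rest = local[len(prefix):].partition("-")
        if kind == "dated":
            expiry, _, tag = rest.partition(".")
            if not _same(tag, _tag("dated", self.user, expiry)):
                return "reject: bad tag"
            return "accept" if now <= int(expiry) else "reject: address expired"
        if kind == "sender":
            if _same(rest, _tag("sender", self.user, sender)):
                return "accept"
            return "reject: address bound to a different sender"
        if kind == "keyword":
            keyword, _, tag = rest.partition(".")
            if _same(tag, _tag("keyword", self.user, keyword)):
                return "accept"
            return "reject: bad tag"
        return "reject: unknown address form"
```

Two design points worth noting. The tag check runs before the expiry is parsed, so a harvested dated address cannot be revived by editing the timestamp. And the confirmation code is bound to the sender and burned on first use, which is what keeps the poster's 4-digit code from being a 10,000-guess brute force; a longer code would still be the safer choice if you expect hostile senders.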

The trouble is that every address you use gets on spam lists and gets spammed forever. By having 100's of addresses, you get 100's of times more spam than you otherwise would. Even if you can filter it on arrival so you don't have to see it, it's still clogging your bandwidth and you can always filter a legitimate email.

Hmm, what about this?

Run your own DNS and mail servers, and use your own domain name. Generate a unique hostname every time you need an e-mail address, and use yourname@00001.yourdomain.com as the address. After you're done with that e-mail address, delete the hostname from the DNS, or change it to resolve to 127.0.0.1 or something. You might still get DNS queries, but that shouldn't take much bandwidth at all, especially since DNS is cached.

The reason that spammers send UCE is that it works. There are enough idiots out there that read and respond to spam that if the spammer sends out ten million messages, they'll still get a couple hundred responses. And as long as they continue to get these responses, they will continue to send spam.

I think that the way to shut them down once and for all is to educate people about what spam is and why it should be reported, and above all, not responded to. This way, the market that spammers target will dry up and then they will stop sending their UCE out.

Cultural issues also contribute to the problem. Many spammers in Asia say they do not understand why spam is a problem. "It's a sign of respect that someone sends you an electric business card. It means he wants you as a customer," said Zhao Peng, owner of a computer store in Hong Kong.

Cultural homogeny is one of the most fascinating aspects of the internet. Sure, in much of Asia, it's traditionally a sign of respect to give an individual a hard copy of your business card. But that in itself is just the most recent evolution of a long tradition of formalised introductions and determining of relative position, and there's no reason to believe that spam will continue to be tolerated by users there (assuming this claim is true) once the novelty value wears off.

I'll go out on a limb to suggest that while UCE within Asia is perhaps currently viewed as synonymous with a business card, given time, when it is viewed in its own light (rather than as just being considered analogous to a traditional activity), it will be viewed with the same contempt and hatred that the rest of the world already has for it.

I'll draw a parallel with email in general in the US and Europe. For those coming late to the party, many early (80's and early 90's, and by the way, I was a Prestel user in the 80's, using my ZX Spectrum and breeze block modem) home and business users of email initially tended to treat it as a letter, starting with "Dear Bob", and taking care with spelling and punctuation. (Don't confuse this with academic users or l33t h4x0rz coming to the medium with a fair idea of what it was and why they wanted it.) It took a while to evolve in popular consciousness into more of an informal and disposable post-it note or phone call analog, although really it's in a category all of its own.

So while it's easy for us to scoff in disbelief at the naivete of Asian users now, let's not forget those Dear Bob days. Global consensus will take a while to arrive. And lest we get too high and mighty, it might very well involve a shift in our perceptions as well.

You see, the thing that really bugs me about spam is that it's so moronic and illiterate. "!!!MAKE $$$ FAST!!!" it shrieks, and "you have, nothign to loose!". Call me strange, but if I were (ever, in theory) to receive a small, literate and polite spam that didn't lie about remove options or oversell itself, it just advertised a product, then I'd be far less inclined to spamcop it. The idea of a "business card" type spam is far less loathsome to me than yet another two hundred line "THIS IS NOT A PIRIMID SKAM!!!!!" monstrosity.

I get tons of Asian language spam - it wouldn't break my heart to block them all.

I'm actually looking forward to my @home email address dying at the end of this month because that's where nearly all of them come to. Hopefully they won't be smart enough to simply replace @home.com with @comcast.net.

I run a small mail server, mostly providing mailing lists to the automotive community. While my lists weren't affected (I have reasonable anti-spam rules in place), a server in Taiwan was spamming every address it could find in my domain with dozens of unique spam per day.

The usual IP tracing ensued and I tracked it back to a small ISP. Hoping that I would reach someone who spoke (or wrote) English, I sent a copy of my logs and an explanation to "postmaster@", "abuse@", "webmaster@", and any other address I could think of. Amazingly enough, after about 12 hours, I received a reply (in somewhat broken English) asking for more logs, and a confirmation of the time zone I was using in my logs (UTC, for what it's worth). After I replied, I received an apology that one of their "clients" had bothered me and assurance that it would be taken care of.

To this date, I have not received another piece of spam that I have attributed to that ISP. I realize that this is the exception and not the rule, but I thought it was worth noting that there really are reasonable sysadmins "over there".

I had a similar experience. I got tons of spam from a particular IP block, all pretty much alike and all supposedly from a bogus.tw domain. When I finally looked up the IP, I found the block was owned by some university in Taiwan. The contact email was dated 1996, but I forwarded one of the spams to it anyway and asked the person in charge to investigate and stop the spammer.

No direct response, but the spam stopped immediately, and I've never received another from that source.

The first parallel that came to mind was the "death sentence" proposed against UUNet a few years ago for their fostering spamming activity.

The action represented the response of a group of responsible internet members that had finally tired of both the activity and the lack of response from a greedy company who seemed to have no respect for bandwidth and privacy issues.

It seemed to work then and maybe it's just what's needed now.

It's about time that some of these ISP's discover what happens when the fecal matter hits the oscillator.

I turned in a complaint to hinet.cn, I think it was, about a system with Code Red banging away at one of my web servers. I included a snip of the web server log, along with a note that my servers are NTP sync'ed.

The response was "without full e-mail headers, we can't do anything."

Hmmm. It's not e-mail.
I am discussing with my employer the option of blocking all of 202/8, 203/8, 210/8, 211/8, all of Road Runner but the MXes, and the *.cn, *.tw, *.ru, *.pl, and *.mx domains too. I don't know the IP ranges assigned to the domains, so if you do, post a follow-up! (I have the Road Runner netblocks; there are just too many to put them here.)

I recently got a spam that was relayed through an open relay at a huge IT contracting firm! I sent them an E-mail and asked them if they needed some more security people to help with their network management, along with a copy of the offending E-mail (Heh heh heh.)

Spam from Yahoo and Hotmail is most likely forged these days. Both outfits have done an admirable job cleaning up their own users. Fat lot of good it did them. If you and too many others continue to "punish" them, they may decide that their efforts were for naught, layoff their abuse desk staff and go back to the old ways. Is that what you want?

I did something better. I don't block them on my servers, but I do have a procmail recipe to quarantine mail from, say, hotmail.com that doesn't have a Received line with "hotmail.com" in it. You would be amazed at the sheer amount of spam that it caught. Now mind you, this filters out legit mail from someone that sends mail from their ISP with a From: of their hotmail.com account. It blocks eBay and PayPal mail in the like manner, with the From and Received not matching up. It did catch a lot of spam though. Someone with more procmail logic than I have could extend that to a scoring method that would work really well. Also, add eudoramail.com to your list.

I also filter message bodies for the common remove sites like autoremoveemail.com and others. That's guaranteed to work.
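The From-vs-Received recipe in the post above, as an added example in Python rather than procmail (this is not the poster's recipe and not code from the page). The sample messages are constructed: hostnames are made up, the addresses use hotmail.com only because the post does, and the IPs come from the RFC 5737 documentation ranges. Besides reproducing the recipe, the block shows its weak spot: every Received: line below the ones your own MTA prepended was written by whoever handed the message over, so a spammer can plant "hotmail.com" in a fake inner line. The trusted_hops parameter restricts the check to the lines you added yourself.

```python
from email import message_from_string
from email.utils import parseaddr

# Domains the post singles out; mail claiming to be From one of these should
# show that domain in a Received: line. Extend as you see fit.
CHECKED = {"hotmail.com", "yahoo.com", "eudoramail.com"}


def from_domain(msg):
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def received_lines(msg):
    # Top-most first: MTAs prepend, so the first N lines were added by hosts
    # you trust and the rest by whoever injected the message (maybe the spammer).
    return [" ".join(r.split()).lower() for r in msg.get_all("Received", [])]


def classify(raw, trusted_hops=None):
    """'deliver' or 'quarantine'. trusted_hops=None reproduces the post's recipe
    (any Received: line counts); an int looks only at the first N lines."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    if dom not in CHECKED:
        return "deliver"
    lines = received_lines(msg)
    if trusted_hops is not None:
        lines = lines[:trusted_hops]
    return "deliver" if any(dom in line for line in lines) else "quarantine"


# Constructed sample messages.
LEGIT = """\
Received: from mail.hotmail.com (mail.hotmail.com [192.0.2.10])
\tby mx.example.org (Postfix) with ESMTP id 1234
From: friend@hotmail.com
Subject: lunch?

See you at noon.
"""

FORGED = """\
Received: from dialup-42.isp.example (unknown [203.0.113.42])
\tby mx.example.org (Postfix) with ESMTP id 1235
From: makemoney@hotmail.com
Subject: !!!MAKE $$$ FAST!!!

you have nothign to loose
"""

# Same forgery, but the spammer wrote a fake inner Received: line that
# mentions hotmail.com before injecting the mail at an open relay.
FORGED_INNER = """\
Received: from relay.open.example (relay.open.example [198.51.100.7])
\tby mx.example.org (Postfix) with ESMTP id 1236
Received: from mail.hotmail.com (mail.hotmail.com [192.0.2.10])
\tby relay.open.example with SMTP
From: makemoney@hotmail.com
Subject: !!!MAKE $$$ FAST!!!

you have nothign to loose
"""
```

The stricter mode closes the planted-header hole but does nothing about the false positive the post mentions (a genuine hotmail.com user sending through their ISP's smarthost), which is why the poster's suggestion of turning this into one input to a score, rather than a hard rule, is the right one.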

Most of my spam comes with forged email headers supposedly from Yahoo. Setting up a filter in my email app to block any incoming mail from Yahoo would block 90% of my spam, but unfortunately I get legitimate email from Yahoo email users :-(

Spam, while annoying, is not the end of the world. If it really gets on your nerves, use a program like Vipul's Razor [sourceforge.net], and help add spammers to its database.

Just because I don't like getting junk mail credit card offers, doesn't mean I refuse all mail from Delaware to teach them a lesson. Here's a tip--throw it away. I get nowhere near enough spam in my inbox to interfere with legitimate mail (although I don't doubt there are exceptions that do....) and I don't even use a filter!

I get nowhere near enough spam in my inbox to interfere with legitimate mail

At one time I was spending a couple hours a week configuring filters and deleting spam. Now I have a list of known addresses I accept mail from. Everything else goes into the spam folder. I check that once a week, takes about half an hour to go through it and move real messages to the appropriate places. Then I delete the rest.

I get nowhere near enough spam in my inbox to interfere with legitimate mail (although I don't doubt there are exceptions that do....) and I don't even use a filter!

Ever heard of small number statistics? Just because it's not a problem for you doesn't mean it's not a problem for everyone else. Either you don't have much of an online presence on USENET or the web, or you've been extremely lucky. I get a couple of hundred spam mails a week; ninety-nine percent of these are automagically junked by my custom filters. The remaining one percent is still a pain in the backside...

Again, I don't think you're the majority, by any means. I suspect the majority of my spam comes from websites that I run. I use Usenet, but I don't use Usenet in conjunction with email, for this very reason. I use no filters, and it quite honestly isn't an issue.

Honestly, what percentage of Internet users do you suspect get hundreds of spam-mails weekly? I'd bet it's very few.

Like I said in my original post (which you quoted) there are exceptions. I believe you're one of them. And I'm sure it pisses you off to no end, I'd be pissed off too. But because you're pissed, we should block a continent?

Again, I don't think you're the majority, by any means...But because you're pissed, we should block a continent?

I'm not asking you to block a continent. A bunch of people are pissed off, and are doing something about it. You're free to accept mail from Asia if you want, but the people that get bucket loads of spam from Asia have had enough and are going to black hole them until they've learned manners. Why is this a problem?

This is the internet showing its true colours, if you don't want mail from Asia, you don't have to accept it...

I get nowhere near enough spam in my inbox to interfere with legitimate mail (although I don't doubt there are exceptions that do....)

It's not the exception, it's the rule. 30-50% of the inbound mail to AOL's mail gateways is spam, and even after massive filtering we all know that AOL users still see a lot of spam. You're the exception.

No, I'm not. Probably 30 to 50 percent of my email is spam, too. But, like I said, I throw it away. More than 50 percent of my snail mail everyday is junk mail, I throw that away too. That sound like a lot of junk mail/spam email, but you know what? It's not as big of a deal as people make it out to be. I feel sorry for the guy who gets 200-300 messages a day from Usenet, and has to dump half of it, but that's why I don't use my email on Usenet, I read follow-ups in the group.

If you ask 100 people on the street if they get more than 30 emails a day, what do you think the result will be? I'm willing to bet 95 of them get well under that. And how hard is it, really, to delete 15 messages you don't want? People do it every day with snail mail... and to re-state my original point: it's annoying, but not a reason to refuse mail from a huge geographic location.

Maybe for you. But read the article. There are mail admins who receive more than a hundred spam requests per second from Chinese IP addresses. That adds up to REAL money, really quickly. Adding the addresses to this database still costs bandwidth, since you have to receive all the headers before you can run your spam check.

Global blocking of the connecting IP range means you can do it from the first SYN packet.

You're neglecting the cost in bandwidth to transmit all that spam. Multiply your situation by a couple million.

Remember that the next time your connection seems a little slow.

Good spam blockers don't just filter the email; by then it has already wasted bandwidth and resources. Good spam blockers such as rblsmtpd from the qmail package drop the connection as soon as a blacklisted IP connects, with an error message for those sending legitimate mail.
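The connect-time decision the last two posts describe (reject on the first SYN, or at least before the DATA phase, and tell legitimate senders why), as an added example that is not rblsmtpd's code and not from the page. A local CIDR list handles the "block the whole range" case; a DNSBL lookup handles the "they're on a blacklist" case. The blocklist prefixes, the DNSBL zone bl.example and the contact address are assumptions, and the resolver is a constructed dictionary so the block runs offline.

```python
import ipaddress

# Constructed local blocklist (RFC 5737 documentation prefixes stand in for
# the netblocks an admin would actually list).
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/24")]
DNSBL_ZONES = ("bl.example",)          # assumption: a DNSBL zone name
CONTACT = "postmaster@example.org"     # assumption
LISTED = ipaddress.ip_network("127.0.0.0/8")   # DNSBL listings answer in 127/8


def dnsbl_query_name(ip, zone):
    """Reverse the address the way DNSBLs expect (octets for v4, nibbles for v6)."""
    ptr = ipaddress.ip_address(ip).reverse_pointer    # e.g. 8.2.0.192.in-addr.arpa
    label = ptr.rsplit(".", 2)[0]                     # strip .in-addr.arpa / .ip6.arpa
    return f"{label}.{zone}"


def connect_decision(ip, resolver):
    """Decide when the TCP connection arrives, before any SMTP command.
    resolver(name) returns the A records for name, or None if there are none.
    Returns (accept, smtp_reply)."""
    addr = ipaddress.ip_address(ip)
    for net in LOCAL_BLOCKS:
        if addr in net:
            return False, f"554 5.7.1 {ip} is in a locally blocked range {net}; contact {CONTACT}"
    for zone in DNSBL_ZONES:
        answers = resolver(dnsbl_query_name(ip, zone)) or []
        # Anything outside 127/8 is a DNS problem or a misconfigured list, not a listing.
        if any(ipaddress.ip_address(a) in LISTED for a in answers):
            return False, f"554 5.7.1 {ip} is listed by {zone}; contact {CONTACT}"
    return True, "220 mx.example.org ESMTP"


# Constructed DNS answers standing in for real DNSBL lookups.
FAKE_DNS = {"9.100.51.198.bl.example": ["127.0.0.2"]}


def fake_resolver(name):
    return FAKE_DNS.get(name)
```

For a live resolver, `socket.gethostbyname_ex(name)[2]` with `socket.gaierror` treated as "not listed" is enough; the 127/8 check matters because some lists answer with other addresses to signal query errors or blocked resolvers, and treating those as listings would bounce legitimate mail.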

While some spam being transmitted by Asian servers appears to be sent by the locals, Western spammers are exploiting Asian mail servers and using them to relay mail. Many Asian systems often run old software or software that hasn't been configured securely or patched properly, experts say.

Well, if people can exploit the problem and get a response from the sysadmins saying "I can't do anything about it", maybe instead of us blocking their servers (quite easy to do), someone should put on a blackhat and go patch some of those holes. (This came up and was heavily discussed during the Code Red and Nimda attacks.)

I dunno, but I think a moral hacker would find it quite rewarding to screw up a spam creator's cash cow.

In November 2000 I spent 1 month in Hong Kong sorting out the Spam problems one of the largest ISPs was having, in my job as security consultant.

The situation was dreadful, with no abuse department and no way of detecting/stopping abusing customers, or even stopping customers being abused.

I killed 99% of the Spam by warning all customers we were testing for open relays, and offering to actually help them if they didn't know.

I then spent 2 weeks trying to configure about 30 different mail servers I had never even heard of, and one which didn't even return 1 result on Google!!

We got there in the end, especially once we firewalled port 25 for those customers who didn't want to listed.

The next step was to write belt-and-braces Terms of Service for the client and ensure the abuse@isp address was checked and actioned on a daily basis by a full-time member of staff. If abuse went unchecked, then we pulled the plug on the customer and banned them from coming back, or we'd prosecute (sometimes tricky in HK)

I *always* check who sends me spam, and I'm pleased to say none has originated from that ISP since I did my work there.

We tried to re-sell the solution to all other ISPs in the region, but they didn't bite due to a) expensive consultant fees, and b) not really caring.

I pointed out they were large ISPs who fully deserved their .net addresses, but were rapidly losing face amongst their peers for continuing to ignore the problems. *sigh*

But what else can be done to solve this problem with China and other Asian countries? I agree that the 'no response' from many of these places is frustrating, but has anyone offered to train[1] some of these people in setup and configuration of their servers? Has anyone who is bilingual offered to translate the user manuals into Japanese, Chinese, or Korean? Has anyone taken the time to explain to them that lax security / improper setup on the email server usually points to more problems within their network? Education is the answer to this problem, and we need to take the lead.

[1] Okay, it might be impractical to fly halfway around the world to train someone in server configurations just to stop spam (although a cost/benefit analysis might prove otherwise if the volume is extreme!), but has anyone offered to train someone from Asia on this side of the globe?

Education is the answer to this problem, and we need to take the lead.

Education is the answer to ignorance. Are we sure ignorance is the problem? With so many reports of mails to abuse@ going ignored, so many open relays reported and yet remaining open, I have to wonder whether it's not often an attitude problem (not that Far Eastern ISPs have a monopoly on those), and that's much harder to know what to do about.

The 2 servers I manage, and what I recommend to many, is to set up filters to block or auto-delete anything from that country's TLD. .kr is the biggest problem lately. It is too bad that it has to happen, but I at least tell people to set up their filters in such a way as to put their mailing lists first and anything that is really wide, like banning a country, last. That way real email from someone about PicoGUI that is in .kr land I will see, but the junk that goes to my inbox dies.

legitimate use of a DDoS attack. I know it is wrong on so many levels and immoral and all that, but doesn't it just make sense on a primitive level that if they are unwilling to shut down their open relays, someone else should shut them down for them? 24 hours notice, then hit them until they promise to shut it off. Make there be direct consequences for them not playing nice on the net.

Like I said, I know this is inherently flawed, but it is nice to dream. Mmmmmm, vigilante justice on the net...

The place where I colo is just now doing this after tracing the bulk of the spam coming into their own network from Chinese ISPs and most especially china.com.

Rather than refusing email from the offending ISPs, they are going to the rather extreme measure of refusing connections entirely (at the router, I guess, though I'm not certain how the network is set up...) from the entire IP ranges of a number of the offenders.

So, now all my domains (and all those colo'd at my ISP) will basically be inaccessible to anyone in China. Big deal. All the traffic I get from China is either spam or Nimda requests. Woo friggin' hoo.

It has yet to go into effect, but I expect it will make a big difference in my monthly bills, as I pay for bandwidth, even if it's spam sent to people on my mail server.

As some folks are bound to say, it's more than a bit presumptuous to basically say "play by my rules or get off the field" where "my rules" are typically those of the mostly American, English-speaking internet population, but in this case it's more a case of "play nice or go home".

Rather than refusing email from the offending ISPs, they are going to the rather extreme measure of refusing connections entirely (at the router, I guess, though I'm not certain how the network is set up...) from the entire IP ranges of a number of the offenders.

What they'll be doing is redirecting the eBGP route (ie. the bit that says "go here to get to their IP block") for the ISP concerned to the router's equivalent of /dev/null. We use this technique a lot to dump traffic from problem areas until the problem is fixed as it's quick and easy (usually a one liner in the config) and 100% effective. It's a good way of bringing people into line, although usually just the threat of this is enough to prompt any action that is going to happen since it's about as extreme as one ISP can be to another.

Some Chinese and Korean systems administrators said documentation for the software they use is often available only in English, which complicates securing their systems.

This is an honest problem, because it's not the ISP's fault that they can't get native-language documentation for the software. But if they're running the software at all, it becomes their problem. Why would any responsible system administrator install software when he can't read the documentation? Educated English speakers aren't such a minority in the far East. It's the ISP's responsibility to hire them, or else get software documented in their own language.

Cultural issues also contribute to the problem. Many spammers in Asia say they do not understand why spam is a problem. "It's a sign of respect that someone sends you an electric business card. It means he wants you as a customer."

This is just willful naivete on their part. If they think that sending an electronic business card is a "sign of respect", that's fine. But they need to understand that in the West, unsolicited advertising is an overwhelming inconvenience and is not welcome by the vast majority. Cultural relativism swings both ways.

Piracy is free and open and common in the far East, which irritates Western corporations and makes poor Western college students and hackers giggle with glee. It's rampant and unpoliced because the notion of information ownership and copyright just doesn't exist over there. But here's the flip side to that coin: unrestricted dataflow from the West into the East also means unrestricted dataflow from the East to the West. As music, movies and software come in, spam goes out. Like it or not, they're both travelling through the same door.

If the Chinese ISPs want to provide their people a gateway to the free world, then it's their responsibility to cooperate with how the free world works and act responsibly within that setting. If they don't, then they get blacklisted like this and lose their right to be a gateway.

Why not use a domain hitlist? Get more than a couple of spams from a domain, bounce everything from the domain[1]. It's less arbitrary than closing off everything from Asia on the basis of a few spammer ISPs.

I was surprised when I read this article on Wired yesterday. I thought I was the only one doing this. About two years ago, I cut off all of China from my mailserver at work -- we don't do business there. We were being flooded by SPAM on Chinese open relay servers. It got to the point where some users were getting more SPAM than legit mail. Once China was cut-off, the SPAM dropped off to a trickle. Then Korea became the next SPAM hot spot for us and I cut them off as well. Granted, some of the SPAM is from "white folk" that are using these open relays to SPAM Americans. If I could track them down and actually do something legal to them as opposed to beating them with a 2 by 4, I would. So far, the US Government has been pro-SPAM with the only legislation being introduced as "opt-out" systems.

The Asian nations would not be in this situation if they understood the proper way to run a mailserver and dropped the insane cultural notion that obnoxiously shoving a business card in someone's face is courteous and expected. I worked in Asia during the early 90s (mainly Singapore, Hong Kong and Taiwan) and from my experience of working with Asian businesses, this problem will not go away. Unless it's not hurting their bottom line, it doesn't matter if it's hurting ours.

I run several small community mail servers, and I firewalled off China, Korea, Taiwan and Japan about a year ago. It was the best thing that I ever did for those servers. Spam dropped down drastically, and I'm yet to get a single complaint about somebody not getting mail. Sucks to be in China, I guess, but this is a solution that, for me, has proved to be perfect.

frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world [says Slashdot]

Anti-spam activists confirm that a growing number of beleaguered systems administrators are now blocking all e-mail originating from Asia from their systems [says the article]

Bollocks, says anyone reading it with a critical eye. There are no references or sources for this sweeping "all Asian email" statement. The single reference is to Spamhaus [spamhaus.org] which implements selective listing of domains that persistently generate or carry spam and decline to respond to spam reports. Most of their listed ISP's are currently US based. There is specific mention of two Chinese ISP's, and none from any other Asian nation.

To make a story out of this, you have to cite metrics. The fact that Spamhaus are currently blacklisting China Telecomm no more proves that "the west" is blocking "the east" than a story about anyone temporarily blacklisting AOL (again) proves that there is some mass move to block "the west".

Without giving metrics, you're just providing anecdotes. Persuasive anecdotes, sure, that probably appeal to our personal experiences, but those are the most dangerous kind, because they stop you looking for the real story and asking the real questions.

The real question here isn't "Why do Spamhaus currently blacklist China Telecomm?" but "Why don't Spamhaus currently blacklist Roadrunner?" or any of another half dozen ignorant ISP's that deny that they are injecting spam even in the face of unequivocal header evidence. Perhaps we in the "west" (sweeping-generalisations-r-us) could go about cleaning up our own house before we go gunning for those coming late to the party.

I run several mail servers, and I admit my filtering is nonexistent. I have as of late, however, begun to receive spam by the boatload from Asia. Myself and my clients would have no problem with such a filter?

Are there any sample sendmail configurations out there to reliably do geographic filtering?

A few months ago my email address ended up on a Korean spam list. I've been using the following procmail rule since:

:0:
* (^From:.*\.kr |\
^.*ks_c_5601)
SPAM

It catches about 95% of the spam from Korea. It's sad that I've had to resort to filtering email from an entire country.

What has amazed me about the whole thing is the spam I receive from there is usually written in the ks_c_5601-1987 character set. Since Korean is not a really popular language throughout the world, the chances of someone understanding the spam is very slim (I haven't been able to find a good Korean to English translator that actually works). IMHO, the spammers are just wasting their time.
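The procmail rule above keys on two things, a .kr sender and the ks_c_5601 charset, and an earlier poster stressed ordering (mailing lists first, whole-country rules last) while another suggested a per-domain hitlist that bounces everything once a domain has produced more than a couple of spams. The following is an added example, not code from any poster, that puts those three ideas together as one ordered filter in Python; the list ids, sender addresses, threshold and sample messages are all constructed for the example.

```python
import email
from collections import Counter
from email import policy
from email.utils import parseaddr

# Constructed configuration: assumptions made for this example, not anyone's real setup.
ALLOWED_LISTS = {"picogui-devel.lists.example.org"}   # List-Id values always delivered
KNOWN_SENDERS = {"prof@university.example.edu"}        # correspondents always delivered
HITLIST_THRESHOLD = 2                                  # spam reports before a domain is bounced
BLOCKED_TLDS = {"kr"}                                  # the widest rule, so it is applied last
BLOCKED_CHARSETS = {"ks_c_5601", "ks_c_5601-1987"}     # the charset the procmail rule keys on


def sender_address(msg):
    """Bare address from the From: header, lowercased ('' if unparsable)."""
    return parseaddr(str(msg.get("From", "")))[1].lower()


class MailFilter:
    """Ordered classification: allowlist, then per-domain hitlist, then country rule."""

    def __init__(self):
        self.reports = Counter()  # spam reports per sending domain

    def report_spam(self, domain):
        """Record one spam report against a domain; this feeds the hitlist."""
        self.reports[domain.lower()] += 1

    def classify(self, raw):
        """Return 'inbox', 'bounce' or 'spam' for one raw RFC 822 message."""
        msg = email.message_from_string(raw, policy=policy.default)
        addr = sender_address(msg)
        domain = addr.rpartition("@")[2]
        tld = domain.rpartition(".")[2]
        list_id = str(msg.get("List-Id", "")).strip().strip("<>")
        charset = (msg.get_content_charset() or "").lower()

        # 1. Narrow, positive rules first: a list subscription or a known
        #    correspondent is delivered even if a wide rule below would match.
        if list_id in ALLOWED_LISTS or addr in KNOWN_SENDERS:
            return "inbox"
        # 2. Domain hitlist: once enough spam has been reported from a domain,
        #    everything from that domain is bounced.
        if self.reports[domain] >= HITLIST_THRESHOLD:
            return "bounce"
        # 3. The widest rule last: whole-TLD and charset matching.
        if tld in BLOCKED_TLDS or charset in BLOCKED_CHARSETS:
            return "spam"
        return "inbox"


def build_message(sender, subject, charset="us-ascii", list_id=None):
    """Constructed sample message: a few headers and a one-line body."""
    lines = [f"From: {sender}", f"Subject: {subject}",
             f"Content-Type: text/plain; charset={charset}"]
    if list_id:
        lines.append(f"List-Id: <{list_id}>")
    return "\n".join(lines) + "\n\nhello\n"


if __name__ == "__main__":
    f = MailFilter()
    # A .kr developer writing via the PicoGUI list is still delivered.
    print(f.classify(build_message("dev@example.kr", "PicoGUI patch",
                                   list_id="picogui-devel.lists.example.org")))
    print(f.classify(build_message("ad@spam.example.kr", "offer")))
    f.report_spam("bulk.example.com")
    f.report_spam("bulk.example.com")
    print(f.classify(build_message("offers@bulk.example.com", "deal")))
```

The order of the three rules is the whole point: because the allowlist is checked before the TLD rule, list mail from a .kr address is never lost, and because the hitlist is keyed on the sending domain rather than a country, it stays narrow until a domain has actually earned its place on it.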

Shouldn't I block USA? It's the same arguments, right? Didn't some dude say: "How can you say to your brother, 'Let me remove that splinter from your eye,' while the wooden beam is in your eye?"...Blime...

"Jack(export manager)" wrote:
> Dear Sir
> How are you.
> We are a lighting factory in China,It is glad
> to introduce ourselves to you:
> I am XUBIN (Jack) , XUBIN is my chinese name , you can just
> call me Jack !! , I am export manager of [deleted],
> China, our group have four factory[snipped]
> Here is our company profile:

[Rest of sales talk snipped]

(And now, the reply)

Thank you for your coded order. The weapons and ammunition will ship by way of the usual route in ten days, and you already know our secret Swiss bank account number to wire the payment to.

It is a pleasure doing business with you for so long, and I hope your cause will prevail. I am new to this particular computer, so I hope the encryption is working and the monitoring authorities cannot read what I am sending you.

I've read a few of the opinions here about why they're uneasy about blocking off entire domains like this, but I still can't see this as anything but a Good Thing(tm).

There are those who are uneasy about blocking off access to a free and open medium. But if the medium is truly free, then you should also be free to block traffic that you don't want. Seriously, if you carry that point of view to its logical conclusion you shouldn't be trying to avoid spam to begin with and reading it should be compulsory. Just because everybody has a voice doesn't mean you have to listen.

Should ISPs be held accountable for the actions of their users? No. But they should be held accountable for their own actions, and one of their actions is aiding and abetting known spammers. They've received the warnings and complaints, they've seen their own mail server traffic and have access to their own logs, and their decision to do nothing implicates them. If a bartender can be held accountable for letting a known drunk drive home and if a gun store owner can be held accountable for selling a gun to a known felon, why shouldn't ISP's be held accountable for selling service to a known spammer?

And as for the legitimate mails that may get blocked by firewalling off Korea or whatever, why should we be held accountable for the foolish choices made by these customers? If anything, blocking their e-mails should be seen as a benefit, allowing the user to learn first-hand the despicable pro-spam tactics of their ISP and make an informed decision. If they don't jump ship after that they deserve what they get.

They're our routers, our mail servers, as long as our actions don't abuse other peoples' resources (like spammers) why shouldn't we do whatever we damn well please with them?

This is mostly on topic, but a little off because it doesn't soley deal with Asian address blocking.

The idea goes like this:
Why not have a sort of "Name" tag in email. This tag could be an MD5 Hash of anything you want. If the people who sent you the email knew your name, or any valid name tag that you gave them (multiple name tags would be simple, just sort them into folders), you could just supply the "Name" with your email address, something like "Yeah, email me at prudan@example.com, name tag (prudan)". Anything that doesn't have your name tag would be sorted into a spam / unknown folder, or you could even bounce it back saying that the name was invalid.

Some pros and cons to the idea:

Pros:

It will require more processing power for spammers to send out lots and lots of spam. Each message would need its own checksum if they are guessing at a valid name tag.

This would really make it so that you have different email addresses, without all the aliasing. You want to use a business address? Make one of your name tags "Business", and assign that nametag to a folder just for that.

Adding this to email clients would be a trivial task.

Done at the client level, so it adds no server processing overhead.

Cons:

Spammers will start trading name tags too, so changing your MAIN name tag every so often would probably be necessary.
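One way the "name tag" idea above could be implemented on the receiving side, as an added example rather than anything the poster wrote. It uses MD5 because the post proposes an MD5 hash; the X-Name-Tag header, the tag names, the folder names and the sample headers are assumptions made for the example. The rotation step at the end is the poster's own caveat: since the tag hash travels in the clear in every message, anyone who has received (or relayed) one message holds a valid tag, so the main tag has to be retired and reissued periodically.

```python
import hashlib
import hmac

TAG_HEADER = "x-name-tag"  # assumed header name, lowercased for lookup


def tag_hash(tag):
    """MD5 of a human-readable tag, as the post proposes (hex string)."""
    return hashlib.md5(tag.encode("utf-8")).hexdigest()


class NameTagSorter:
    """Maps valid tag hashes to folders; anything else lands in 'unknown'."""

    def __init__(self):
        self.folders = {}  # tag hash -> folder name

    def issue(self, tag, folder):
        """Start accepting messages carrying hash(tag), filing them in folder."""
        self.folders[tag_hash(tag)] = folder

    def revoke(self, tag):
        """Stop accepting a tag, e.g. after it has leaked to spammers."""
        self.folders.pop(tag_hash(tag), None)

    def rotate(self, old_tag, new_tag):
        """Retire old_tag and issue new_tag for the same folder."""
        folder = self.folders.get(tag_hash(old_tag), "inbox")
        self.revoke(old_tag)
        self.issue(new_tag, folder)

    def sort(self, headers):
        """Pick a folder for a message given its headers as a dict."""
        presented = headers.get(TAG_HEADER, "").strip().lower()
        for valid, folder in self.folders.items():
            # compare_digest avoids leaking which hash prefix matched via timing
            if hmac.compare_digest(presented, valid):
                return folder
        return "unknown"


def parse_headers(raw):
    """Minimal header parser for the constructed samples: 'Name: value' lines."""
    headers = {}
    for line in raw.splitlines():
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


if __name__ == "__main__":
    sorter = NameTagSorter()
    sorter.issue("prudan", "inbox")
    sorter.issue("Business", "business")
    # Constructed sample: a correspondent who was given the main tag.
    msg = "From: friend@example.org\nX-Name-Tag: %s\n\nhi\n" % tag_hash("prudan")
    print(sorter.sort(parse_headers(msg)))   # inbox
    # After the main tag is rotated, the same message no longer qualifies.
    sorter.rotate("prudan", "prudan-2002q2")
    print(sorter.sort(parse_headers(msg)))   # unknown
```

Note what the scheme does and does not buy: a message without a valid hash is cheap to reject, but the hash itself is the only secret, and it is disclosed to every recipient of every message, which is exactly why the "cons" paragraph above expects it to leak and need changing.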

I've had the fortune (misfortune) to deal with some of this first hand.

About 1.5 years ago I was working for iPlanet as a backline support person. The summer of 2000 we had a rash of Asian telecos running our e-mail server and crashing and burning.

So I got sent to Asia to try and figure out what was going on at our three largest telcos there, Unitel [unitel.co.kr] and Hanaro Telecom in Korea and Jiangsu Telecom (can't find their homepage at the moment) in China.

What I found in both cases was frightening. Pro-Serv had done a good job of implementing a mail system that would handle a normal user load just fine. But, in both cases the load was 5 times what was planned for. So the servers were dying under the load.

After very little investigation I found out that several of the subscribers were spamming via their ISP. When I first pointed this out to the powers that be there I got a blank reply along the lines of "So?".

As management and I delved into it the opinion that the ISP was forming was that these are customers, we can't just cut them off, they will leave and we will lose money.

I tried the normal counters like, "The abusers are bringing down the service for your normal subscribers. The normal subscribers are getting mad (some even started anti Unitel sites) and they're going to leave in droves if this keeps up. And then all you're going to be left with is a few subscribers who are costing you more in the long run. Bandwidth costs associated with the spamming, hardware upkeep for a few users, etc."

The sysadmins and techs got all this but management was so scared of losing a customer and that customers money that they would not dare do a thing about it.

I ended up leaving both sites having accomplished stabilizing the systems as much as I could but not solving the actual problem, getting the ISP to come up with and enforce some terms of service.

So to me what it comes down to is capitalism run amok, especially in Korea. Management is so blinded by "making it big" they fail to see the real disaster looming on the horizon.

Don't blame uncaring techs, blame the top level for driving this thing into the ground.

At least I can say I had a great time visiting those countries and taking in the other parts of their real culture. But, July in Seoul is miserable.

No it's not a huge setback. Eventually the various Asian admins that are causing this will get the clue and fix their mail systems.

I get roughly 100 messages or so of SPAM a day on my Hotmail account -- I can't give an accurate number because I keep blocking entire domains (some jackhole, and I think I know who, decided to add me to various coupon and ad sites, which becomes a deluge as they share mailing lists). Of the 150 or so blocked domains, about 10% of them are Asian (surf to xyzzy.net and note that entire webpage is in a font I don't have installed).

Make a law? Sure. In which country? Or do you mean you want to outlaw SPAM in the US, and then somehow think you're going to be able to prosecute a company located entirely in North Korea under US Law? Things just aren't that easy. I'd like to see a reasonable way to legislate SPAM to be illegal, even if it only did affect the US, but I'm yet to see anything that has teeth AND makes logical sense.

Where are you going to pass the law, and how are you going to enforce it in Asia? The only hope would be an international treaty, and even then, it's up to the participating countries to pass and enforce laws dictated by the treaty, and even then, nothing's forcing them to even sign it, and it would also present an opportunity for power grubbing government types to steal even more rights.

There is no good solution, except maybe a good international asskicking. (Not like war, I mean like physical asskicking of the people involved.)

Plan, that way every time I send an email to a college professor asking about one of his papers or send an email to someone who posts on Slashdot I'm gunna get carted off because it is unsolicited email. Probably best if people like you don't draft laws.

What about getting laws that say that unsolicited mail is illegal? Shouldn't that do the trick? Anybody got some good reason for why laws like this shouldn't come true?

We could pass all the laws in the West we want but they would be completely unenforceable in Asia.

Perhaps an international body of enforcers could be set up similar to the WTO where fines or punishment could be meted out with the full backing of each nation. But that's not likely to happen seeing as there is little money involved- unlike trade.

Well, it's a shame when that happens. I am from Asia, and when I was there I didn't even have the confidence to use a local ISP email account. Anybody can still use yahoo, hotmail or any other free services to contact their western friends.

I guess this affects Asian businesses more than the local folks. When businesses start to complain to their ISP why they can't send any mails to their western counterparts, maybe the ISP will start to listen.

Some ISPs there have very underqualified admins (the good ones moved here to the US;-), heck, some of them can't even understand English very well. ISPs there have a habit of hiring a contract person to set up everything and leave it.

Why is this a setback? In the 1994 days, when the net boomed, lots of people got online and there was a chaos of newsgroup/email spamming. These people have largely learned. Then MS internet users got online in 1995. Same thing. Then AOL users. Each one of them will learn, so why can't Asian countries? Have some faith in the smartness of SysAdmins!

In the 1994 days, when the net boomed, lots of people got online and there was a chaos of newsgroup/email spamming. These people have largely learned. Then MS internet users got online in 1995. Same thing. Then AOL users. Each one of them will learn...

Actually it's still September '91 as far as I'm concerned, and if you don't know what that means, you're part of the problem...

If I remember correctly a lot of us did exactly the same thing to mail, and usenet posts, originating from AOL back when it first gave its users full internet access. We blocked it, entirely, eventually the news filtered through that they'd more or less learned manners and we unblocked them. Although I still know of a couple of small academic sites that block all incoming mail from AOL and MSN. Go figure...

This isn't new, people have been doing it since we first started hooking all the various networks together in the first place. Admittedly I can't remember it ever happening to an entire continent before. Personally I think it's a reasonable idea...

That's brilliant! Then, we can make a law that outlaws terrorism! And then fascism! And rudeness, and poor driving, and taking the last donut! Hell, we could just make a law that outlaws 'being mean' in general!

And while we're at it, we should make it illegal to respond sarcastically to extremely simplistic solutions to complex problems! Yeah!

"What about getting laws that say that unsolicited mail is illegal? Shouldn't that do the trick? Anybody got some good reason for why laws like this shouldn't come true?"

Spammers and the ISPs that support them have reasons not to do that. And while they may or may not be good reasons, they have money and they have lobbyists, so don't hold your breath for such legislation unless this becomes a big issue this November.

What about getting laws that say that unsolicited mail is illegal? Shouldn't that do the trick? Anybody got some good reason for why laws like this shouldn't come true?

Who's going to pass this law? The United States? France? Antarctica? The problem with "getting a law" is that this "crime" is committed with the villain in one jurisdiction, and the victim in another. If the United States passes a law saying that UCE is illegal, how are they going to catch and punish somebody in China? And if a US law has active force over the activities of a Chinese citizen in China, doesn't China have just as much right to make laws that have force over what a US citizen does in the US? (Yes, I know, DeCSS; we've already had that, yada yada yada. You want to re-hash that, submit a different story; we're talking spam here.)

There are really only two solutions that could work and are similar to what you are proposing. First, a treaty between the United States (Canada/UK/EU/...) and the Asian countries banning UCE sent between the signing countries. However, allowing UCE brings currency into the economies of the countries that condone it, so I don't think they'd sign something like that unless the alternative was worse. (Cutting off their country's email might qualify as worse.)

Second, declaring that the UN or some other international governing body has jurisdiction over this matter and can set criminal penalties. Personally, I despise the thought of giving more power to any international governing body; if you can't abide by what a country's government is doing, you have the option of leaving that country and moving to another. What could you do if you couldn't stand the world government? (I hear the nights are cold on Mars...) I would prefer to avoid anything that looks like it's taking us closer to this possibility (such as enforcing US laws on citizens in another country...)

All that said, I don't think that the final solution to this problem will be resolved in the legal arena. This is a technology problem, and will most likely be resolved with a technical solution, such as a total re-working of the internet mail protocols. The black-listing of entire Asian regions is just a stop-gap measure that probably won't really work for long.

Well, in my job, I have had the pleasure of talking to many a customer who had an open relay. Here are some VERY common reasons:

"What mail server?" Someone's DNS has a mail server installed on it. The customer did a default install of his OS and it installs a mail server by default. Some customers are not even aware that there is a mail server installed on the box.

"That old box?" "Sendmail 8.6-SMI runs just fine, why would I change it?" MTAs came 'open' by default until about 3 years ago. You would be surprised at how many mail boxes just run at the back of some office for years on end with no intervention.

"But, it needs to be open" Customers have users who travel or send mail from different ISPs. Instead of using POP-before-SMTP or AuthenticatedSMTP they just open the mail server up to everyone. It is just easier that way.